Our Blog

WordPress Vulnerability CVE-2014-4972 released on NVD

By Laura Gannon | Jan 8, 2018 | 0 Comments

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. Published on January 08, 2018 at 11:29AM.


WordPress Vulnerability CVE-2014-8335 released on NVD

By Laura Gannon | Jan 5, 2018 | 0 Comments

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. Published on January 05, 2018 at 08:29AM.


WordPress Vulnerability CVE-2014-8336 released on NVD

By Laura Gannon | Jan 5, 2018 | 0 Comments

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. Published on January 05, 2018 at 08:29AM.


WordPress Vulnerability CVE-2015-3302 released on NVD

By Laura Gannon | Dec 29, 2017 | 0 Comments

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." Published on December 29, 2017 at 02:29PM.


WordPress Vulnerability CVE-2015-7666 released on NVD

By Laura Gannon | Dec 27, 2017 | 0 Comments

Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. Published on December 27, 2017 at 11:29AM.


WordPress Vulnerability CVE-2015-7667 released on NVD

By Laura Gannon | Dec 27, 2017 | 0 Comments

Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter. Published on December 27, 2017 at 11:29AM.


WordPress Vulnerability CVE-2015-7668 released on NVD

By Laura Gannon | Dec 27, 2017 | 0 Comments

Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. Published on December 27, 2017 at 11:29AM.



WordPress Vulnerability CVE-2015-7669 released on NVD

By Laura Gannon | Dec 27, 2017 | 0 Comments

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." Published on December 27, 2017 at 11:29AM.


WordPress Vulnerability CVE-2011-4955 released on NVD

By Laura Gannon | Dec 20, 2017 | 0 Comments

Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. Published on December 20, 2017 at 02:29PM.

